summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKonrad Weihmann <kweihmann@outlook.com>2021-04-22 18:48:27 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-04-30 14:37:32 +0100
commit4c9d9b798592657bca310af87392dadf87742998 (patch)
tree82c9d0273596dde96606ed4ce50849fcb3799e75
parent008f22924921fb46cb38c0c2f8a85f79289bf7bb (diff)
downloadpoky-4c9d9b798592657bca310af87392dadf87742998.tar.gz
poky-4c9d9b798592657bca310af87392dadf87742998.tar.bz2
poky-4c9d9b798592657bca310af87392dadf87742998.zip
cve-update-db-native: skip on empty cpe23Uri
Recently an entry in the NVD DB appeared that looks like that {'vulnerable': True, 'cpe_name': []}. As besides all the vulnerable flag no data is present we would get a KeyError exception on acccess. Use get method on dictionary and return if no meta data is present Also quit if the length of the array after splitting is less than 6 (From OE-Core rev: e9776c55cf251fc884ac3ce4fd6c96769b1d17ff) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 00ce2796d97de2bc376b038d0ea7969088791d34) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/meta/cve-update-db-native.bb7
1 files changed, 6 insertions, 1 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index b3dc33734d..b073936298 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -138,7 +138,12 @@ def parse_node_and_insert(c, node, cveId):
for cpe in node.get('cpe_match', ()):
if not cpe['vulnerable']:
return
- cpe23 = cpe['cpe23Uri'].split(':')
+ cpe23 = cpe.get('cpe23Uri')
+ if not cpe23:
+ return
+ cpe23 = cpe23.split(':')
+ if len(cpe23) < 6:
+ return
vendor = cpe23[3]
product = cpe23[4]
version = cpe23[5]